Computer networks are often configured to incorporate network security systems in order to protect the networks against malicious activity. Such malicious activity can include, for example, installation of malware intended to create networks of compromised computers or “botnets.” Moreover, recent years have seen the rise of increasingly sophisticated attacks including advanced persistent threats (APTs) which can pose severe risks to enterprises. These APTs are typically orchestrated by well-funded attackers using advanced tools to adapt to the victim environment while maintaining low profiles of network activity. As a result, conventional network traffic analysis techniques and other traditional defenses typically deployed by enterprise network security systems today often fail at detecting and remediating malicious activity at a sufficiently early stage.